/// <summary>
/// Builds a <c>SecureCredential</c> from caller-supplied flags and protocol bits,
/// translating <paramref name="policy"/> into the min/max cipher-strength pair.
/// </summary>
/// <param name="version">Copied unchanged into <c>credential.version</c>.</param>
/// <param name="certificate">Optional certificate; when non-null its native handle is stored and <c>cCreds</c> is set to 1.</param>
/// <param name="flags">Copied unchanged into <c>credential.dwFlags</c>.</param>
/// <param name="protocols">Copied unchanged into <c>credential.grbitEnabledProtocols</c>; this overload applies no mask.</param>
/// <param name="policy">Selects whether the null (no-encryption) cipher is prohibited, allowed, or required.</param>
/// <returns>The populated credential structure.</returns>
/// <exception cref="ArgumentException"><paramref name="policy"/> is not one of the three handled values.</exception>
private static Interop.Secur32.SecureCredential CreateSecureCredential(
    int version,
    X509Certificate certificate,
    Interop.Secur32.SecureCredential.Flags flags,
    int protocols,
    EncryptionPolicy policy)
{
    var cred = new Interop.Secur32.SecureCredential()
    {
        rootStore = IntPtr.Zero,
        phMappers = IntPtr.Zero,
        palgSupportedAlgs = IntPtr.Zero,
        certContextArray = IntPtr.Zero,
        cCreds = 0,
        cMappers = 0,
        cSupportedAlgs = 0,
        dwSessionLifespan = 0,
        reserved = 0
    };

    // The (min, max) pair encodes the null-cipher policy. Only RequireEncryption
    // gives confidentiality; the other two permit or force integrity-only traffic.
    // NOTE(review): 0 is presumably "use the Schannel default strength" and -1
    // "null cipher" per the SCHANNEL_CRED contract - confirm against the interop docs.
    switch (policy)
    {
        case EncryptionPolicy.RequireEncryption:
            // Prohibit null encryption cipher.
            cred.dwMinimumCipherStrength = 0;
            cred.dwMaximumCipherStrength = 0;
            break;

        case EncryptionPolicy.AllowNoEncryption:
            // Allow null encryption cipher in addition to other ciphers.
            cred.dwMinimumCipherStrength = -1;
            cred.dwMaximumCipherStrength = 0;
            break;

        case EncryptionPolicy.NoEncryption:
            // Suppress all encryption and require null encryption cipher only.
            cred.dwMinimumCipherStrength = -1;
            cred.dwMaximumCipherStrength = -1;
            break;

        default:
            // Reject undefined enum values rather than falling back to a default policy.
            throw new ArgumentException(SR.Format(SR.net_invalid_enum, "EncryptionPolicy"), "policy");
    }

    cred.version = version;
    cred.dwFlags = flags;
    cred.grbitEnabledProtocols = protocols;

    if (certificate != null)
    {
        // Only the raw handle is copied; nothing here extends the certificate's lifetime.
        // NOTE(review): the caller presumably keeps 'certificate' alive while the
        // credential is in use - confirm.
        cred.certContextArray = certificate.Handle;
        cred.cCreds = 1;
    }

    return cred;
}
/// <summary>
/// Builds a <c>SecureCredential</c> for either the client or the server role,
/// deriving the credential flags and the enabled-protocol bits from the arguments.
/// </summary>
/// <param name="version">Copied unchanged into <c>credential.version</c>.</param>
/// <param name="certificate">Optional certificate; when non-null its native handle is stored and <c>cCreds</c> is set to 1.</param>
/// <param name="protocols">Requested protocols; masked with the client or server protocol mask before use.</param>
/// <param name="policy">Selects whether the null (no-encryption) cipher is prohibited, allowed, or required.</param>
/// <param name="isServer"><c>true</c> for a server credential (flags stay <c>Zero</c>); <c>false</c> for a client credential.</param>
/// <returns>The populated credential structure.</returns>
/// <exception cref="ArgumentException"><paramref name="policy"/> is not one of the three handled values.</exception>
private Interop.Secur32.SecureCredential CreateSecureCredential(
    int version,
    X509Certificate certificate,
    SslProtocols protocols,
    EncryptionPolicy policy,
    bool isServer)
{
    Interop.Secur32.SecureCredential.Flags credFlags = Interop.Secur32.SecureCredential.Flags.Zero;

    if (!isServer)
    {
        // NOTE(review): ValidateManual presumably turns off Schannel's own server-certificate
        // validation, leaving chain/name checks to the caller - confirm they happen elsewhere.
        credFlags = Interop.Secur32.SecureCredential.Flags.ValidateManual
                  | Interop.Secur32.SecureCredential.Flags.NoDefaultCred;

        bool requestsTls = protocols.HasFlag(SslProtocols.Tls)
                        || protocols.HasFlag(SslProtocols.Tls11)
                        || protocols.HasFlag(SslProtocols.Tls12);

        bool nullCipherPermitted = policy == EncryptionPolicy.AllowNoEncryption
                                || policy == EncryptionPolicy.NoEncryption;

        // Strong crypto is requested only for TLS clients that do not permit the null cipher.
        if (requestsTls && !nullCipherPermitted)
        {
            credFlags |= Interop.Secur32.SecureCredential.Flags.UseStrongCrypto;
        }
    }

    var cred = new Interop.Secur32.SecureCredential()
    {
        rootStore = IntPtr.Zero,
        phMappers = IntPtr.Zero,
        palgSupportedAlgs = IntPtr.Zero,
        certContextArray = IntPtr.Zero,
        cCreds = 0,
        cMappers = 0,
        cSupportedAlgs = 0,
        dwSessionLifespan = 0,
        reserved = 0
    };

    // The (min, max) pair encodes the null-cipher policy. Only RequireEncryption
    // gives confidentiality; the other two permit or force integrity-only traffic.
    // NOTE(review): 0 is presumably "use the Schannel default strength" and -1
    // "null cipher" per the SCHANNEL_CRED contract - confirm against the interop docs.
    switch (policy)
    {
        case EncryptionPolicy.RequireEncryption:
            // Prohibit null encryption cipher.
            cred.dwMinimumCipherStrength = 0;
            cred.dwMaximumCipherStrength = 0;
            break;

        case EncryptionPolicy.AllowNoEncryption:
            // Allow null encryption cipher in addition to other ciphers.
            cred.dwMinimumCipherStrength = -1;
            cred.dwMaximumCipherStrength = 0;
            break;

        case EncryptionPolicy.NoEncryption:
            // Suppress all encryption and require null encryption cipher only.
            cred.dwMinimumCipherStrength = -1;
            cred.dwMaximumCipherStrength = -1;
            break;

        default:
            // Reject undefined enum values rather than falling back to a default policy.
            throw new ArgumentException(SR.Format(SR.net_invalid_enum, "EncryptionPolicy"), "policy");
    }

    // Requested bits outside the role's mask are dropped without error.
    // NOTE(review): if nothing survives the mask the value is 0; confirm how Schannel
    // treats 0 here (documented as "use system defaults"), since that could enable
    // protocol versions the caller did not ask for.
    int enabledProtocols = isServer
        ? ((int)protocols & Interop.SChannel.ServerProtocolMask)
        : ((int)protocols & Interop.SChannel.ClientProtocolMask);

    cred.version = version;
    cred.dwFlags = credFlags;
    cred.grbitEnabledProtocols = enabledProtocols;

    if (certificate != null)
    {
        // Only the raw handle is copied; nothing here extends the certificate's lifetime.
        // NOTE(review): the caller presumably keeps 'certificate' alive while the
        // credential is in use - confirm.
        cred.certContextArray = certificate.Handle;
        cred.cCreds = 1;
    }

    return cred;
}